policy/v2: exclude exit routes from ReduceFilterRules

Add exit route check in ReduceFilterRules to prevent exit nodes from receiving packet filter rules for destinations that only overlap via exit routes. Remove resolved SUBNET_ROUTE_FILTER_RULES grant skip entries and update error message formatting for grant validation. Updates #2180
2026-04-25 01:59:07 +02:00 · 2026-03-18 14:40:12 +00:00
parent e05f45cfb1
commit f95b254ea9
7 changed files with 45 additions and 93 deletions
--- a/hscontrol/policy/v2/utils.go
+++ b/hscontrol/policy/v2/utils.go
@@ -19,7 +19,7 @@ var (
 	ErrInvalidPortRangeFormat = errors.New("invalid port range format")
 	ErrPortRangeInverted      = errors.New("invalid port range: first port is greater than last port")
 	ErrPortMustBePositive     = errors.New("first port must be >0, or use '*' for wildcard")
-	ErrInvalidPortNumber      = errors.New("invalid port number")
+	ErrInvalidPortNumber      = errors.New("invalid first integer")
 	ErrPortNumberOutOfRange   = errors.New("port number out of range")
 	ErrBracketsNotIPv6        = errors.New("square brackets are only valid around IPv6 addresses")
 )